2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Jeremy Allison 1999.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_RPC_SRV
28 #define PIPE "\\PIPE\\"
29 #define PIPELEN strlen(PIPE)
31 static smb_np_struct *chain_p;
32 static int pipes_open;
34 #ifndef MAX_OPEN_PIPES
35 #define MAX_OPEN_PIPES 2048
38 static smb_np_struct *Pipes;
39 static pipes_struct *InternalPipes;
40 static struct bitmap *bmap;
43 * the following prototypes are declared here to avoid
44 * code being moved about too much for a patch to be
45 * disrupted / less obvious.
47 * these functions, and associated functions that they
48 * call, should be moved behind a .so module-loading
49 * system _anyway_. so that's the next step...
52 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
53 BOOL *is_data_outstanding);
54 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
55 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
56 static void *make_internal_rpc_pipe_p(char *pipe_name,
57 connection_struct *conn, uint16 vuid);
59 /****************************************************************************
60 Pipe iterator functions.
61 ****************************************************************************/
63 smb_np_struct *get_first_pipe(void)
68 smb_np_struct *get_next_pipe(smb_np_struct *p)
73 /****************************************************************************
74 Internal Pipe iterator functions.
75 ****************************************************************************/
77 pipes_struct *get_first_internal_pipe(void)
82 pipes_struct *get_next_internal_pipe(pipes_struct *p)
87 /* this must be larger than the sum of the open files and directories */
88 static int pipe_handle_offset;
90 /****************************************************************************
91 Set the pipe_handle_offset. Called from smbd/files.c
92 ****************************************************************************/
94 void set_pipe_handle_offset(int max_open_files)
96 if(max_open_files < 0x7000)
97 pipe_handle_offset = 0x7000;
99 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
102 /****************************************************************************
103 Reset pipe chain handle number.
104 ****************************************************************************/
105 void reset_chain_p(void)
110 /****************************************************************************
111 Initialise pipe handle states.
112 ****************************************************************************/
114 void init_rpc_pipe_hnd(void)
116 bmap = bitmap_allocate(MAX_OPEN_PIPES);
118 exit_server("out of memory in init_rpc_pipe_hnd");
121 /****************************************************************************
122 Initialise an outgoing packet.
123 ****************************************************************************/
125 static BOOL pipe_init_outgoing_data(pipes_struct *p)
127 output_data *o_data = &p->out_data;
129 /* Reset the offset counters. */
130 o_data->data_sent_length = 0;
131 o_data->current_pdu_len = 0;
132 o_data->current_pdu_sent = 0;
134 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
136 /* Free any memory in the current return data buffer. */
137 prs_mem_free(&o_data->rdata);
140 * Initialize the outgoing RPC data buffer.
141 * we will use this as the raw data area for replying to rpc requests.
143 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
144 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
151 /****************************************************************************
152 Find first available pipe slot.
153 ****************************************************************************/
155 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
156 connection_struct *conn, uint16 vuid)
159 smb_np_struct *p, *p_it;
160 static int next_pipe;
162 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
163 pipe_name, pipes_open));
166 /* not repeating pipe numbers makes it easier to track things in
167 log files and prevents client bugs where pipe numbers are reused
168 over connection restarts */
170 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
172 i = bitmap_find(bmap, next_pipe);
175 DEBUG(0,("ERROR! Out of pipe structures\n"));
179 next_pipe = (i+1) % MAX_OPEN_PIPES;
181 for (p = Pipes; p; p = p->next)
182 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
184 p = (smb_np_struct *)malloc(sizeof(*p));
188 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
194 /* add a dso mechanism instead of this, here */
196 p->namedpipe_create = make_internal_rpc_pipe_p;
197 p->namedpipe_read = read_from_internal_pipe;
198 p->namedpipe_write = write_to_internal_pipe;
199 p->namedpipe_close = close_internal_rpc_pipe_hnd;
201 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
203 if (p->np_state == NULL) {
205 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
214 * Initialize the incoming RPC data buffer with one PDU worth of memory.
215 * We cheat here and say we're marshalling, as we intend to add incoming
216 * data directly into the prs_struct and we want it to auto grow. We will
217 * change the type to UNMARSALLING before processing the stream.
221 i += pipe_handle_offset;
233 p->max_trans_reply = 0;
235 fstrcpy(p->name, pipe_name);
237 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
238 pipe_name, i, pipes_open));
242 /* Iterate over p_it as a temp variable, to display all open pipes */
243 for (p_it = Pipes; p_it; p_it = p_it->next)
244 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
249 /****************************************************************************
250 * make an internal namedpipes structure
251 ****************************************************************************/
253 static void *make_internal_rpc_pipe_p(char *pipe_name,
254 connection_struct *conn, uint16 vuid)
257 user_struct *vuser = get_valid_user_struct(vuid);
259 DEBUG(4,("Create pipe requested %s\n", pipe_name));
261 if (!vuser && vuid != UID_FIELD_INVALID) {
262 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
266 p = (pipes_struct *)malloc(sizeof(*p));
270 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
276 if ((p->mem_ctx = talloc_init()) == NULL) {
277 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
282 if (!init_pipe_handle_list(p, pipe_name)) {
283 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
284 talloc_destroy(p->mem_ctx);
290 * Initialize the incoming RPC data buffer with one PDU worth of memory.
291 * We cheat here and say we're marshalling, as we intend to add incoming
292 * data directly into the prs_struct and we want it to auto grow. We will
293 * change the type to UNMARSALLING before processing the stream.
296 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
297 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
301 DLIST_ADD(InternalPipes, p);
305 /* Ensure the connection isn't idled whilst this pipe is open. */
306 p->conn->num_files_open++;
310 p->ntlmssp_chal_flags = 0;
311 p->ntlmssp_auth_validated = False;
312 p->ntlmssp_auth_requested = False;
314 p->pipe_bound = False;
315 p->fault_state = False;
316 p->endian = RPC_LITTLE_ENDIAN;
318 ZERO_STRUCT(p->pipe_user);
320 p->pipe_user.uid = (uid_t)-1;
321 p->pipe_user.gid = (gid_t)-1;
323 /* Store the session key */
325 memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
329 * Initialize the incoming RPC struct.
332 p->in_data.pdu_needed_len = 0;
333 p->in_data.pdu_received_len = 0;
336 * Initialize the outgoing RPC struct.
339 p->out_data.current_pdu_len = 0;
340 p->out_data.current_pdu_sent = 0;
341 p->out_data.data_sent_length = 0;
344 * Initialize the outgoing RPC data buffer with no memory.
346 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
348 fstrcpy(p->name, pipe_name);
350 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
351 pipe_name, pipes_open));
356 /****************************************************************************
357 Sets the fault state on incoming packets.
358 ****************************************************************************/
360 static void set_incoming_fault(pipes_struct *p)
362 prs_mem_free(&p->in_data.data);
363 p->in_data.pdu_needed_len = 0;
364 p->in_data.pdu_received_len = 0;
365 p->fault_state = True;
366 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
370 /****************************************************************************
371 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
372 ****************************************************************************/
374 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
376 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
378 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
379 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
380 (unsigned int)p->in_data.pdu_received_len ));
382 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
383 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
385 return (ssize_t)len_needed_to_complete_hdr;
388 /****************************************************************************
389 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
390 ****************************************************************************/
392 static ssize_t unmarshall_rpc_header(pipes_struct *p)
395 * Unmarshall the header to determine the needed length.
400 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
401 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
402 set_incoming_fault(p);
406 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
407 prs_set_endian_data( &rpc_in, p->endian);
409 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
410 p->in_data.pdu_received_len, False);
413 * Unmarshall the header as this will tell us how much
414 * data we need to read to get the complete pdu.
415 * This also sets the endian flag in rpc_in.
418 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
419 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
420 set_incoming_fault(p);
421 prs_mem_free(&rpc_in);
426 * Validate the RPC header.
429 if(p->hdr.major != 5 && p->hdr.minor != 0) {
430 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
431 set_incoming_fault(p);
432 prs_mem_free(&rpc_in);
437 * If there's not data in the incoming buffer this should be the start of a new RPC.
440 if(prs_offset(&p->in_data.data) == 0) {
443 * AS/U doesn't set FIRST flag in a BIND packet it seems.
446 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
448 * Ensure that the FIRST flag is set. If not then we have
449 * a stream missmatch.
452 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
453 set_incoming_fault(p);
454 prs_mem_free(&rpc_in);
459 * If this is the first PDU then set the endianness
460 * flag in the pipe. We will need this when parsing all
464 p->endian = rpc_in.bigendian_data;
466 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
467 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
472 * If this is *NOT* the first PDU then check the endianness
473 * flag in the pipe is the same as that in the PDU.
476 if (p->endian != rpc_in.bigendian_data) {
477 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
478 set_incoming_fault(p);
479 prs_mem_free(&rpc_in);
485 * Ensure that the pdu length is sane.
488 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
489 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
490 set_incoming_fault(p);
491 prs_mem_free(&rpc_in);
495 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
496 (unsigned int)p->hdr.flags ));
499 * Adjust for the header we just ate.
501 p->in_data.pdu_received_len = 0;
502 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
505 * Null the data we just ate.
508 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
510 prs_mem_free(&rpc_in);
512 return 0; /* No extra data processed. */
515 /****************************************************************************
516 Call this to free any talloc'ed memory. Do this before and after processing
518 ****************************************************************************/
520 void free_pipe_context(pipes_struct *p)
523 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
524 talloc_destroy_pool(p->mem_ctx);
526 p->mem_ctx = talloc_init();
527 if (p->mem_ctx == NULL)
528 p->fault_state = True;
532 /****************************************************************************
533 Processes a request pdu. This will do auth processing if needed, and
534 appends the data into the complete stream if the LAST flag is not set.
535 ****************************************************************************/
537 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
539 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
540 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
541 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
544 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
545 set_incoming_fault(p);
550 * Check if we need to do authentication processing.
551 * This is only done on requests, not binds.
555 * Read the RPC request header.
558 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
559 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
560 set_incoming_fault(p);
564 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
565 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
566 set_incoming_fault(p);
570 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
573 * Authentication _was_ requested and it already failed.
576 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
577 authentication failed. Denying the request.\n", p->name));
578 set_incoming_fault(p);
583 * Check the data length doesn't go over the 15Mb limit.
584 * increased after observing a bug in the Windows NT 4.0 SP6a
585 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
586 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
589 if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
590 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
591 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
592 set_incoming_fault(p);
597 * Append the data portion into the buffer and return.
601 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
603 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
604 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
605 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
606 set_incoming_fault(p);
612 if(p->hdr.flags & RPC_FLG_LAST) {
615 * Ok - we finally have a complete RPC stream.
616 * Call the rpc command to process it.
620 * Ensure the internal prs buffer size is *exactly* the same
621 * size as the current offset.
624 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
626 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
627 set_incoming_fault(p);
632 * Set the parse offset to the start of the data and set the
633 * prs_struct to UNMARSHALL.
636 prs_set_offset(&p->in_data.data, 0);
637 prs_switch_type(&p->in_data.data, UNMARSHALL);
640 * Process the complete data stream here.
643 free_pipe_context(p);
645 if(pipe_init_outgoing_data(p))
646 ret = api_pipe_request(p);
648 free_pipe_context(p);
651 * We have consumed the whole data stream. Set back to
652 * marshalling and set the offset back to the start of
653 * the buffer to re-use it (we could also do a prs_mem_free()
654 * and then re_init on the next start of PDU. Not sure which
655 * is best here.... JRA.
658 prs_switch_type(&p->in_data.data, MARSHALL);
659 prs_set_offset(&p->in_data.data, 0);
666 /****************************************************************************
667 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
668 already been parsed and stored in p->hdr.
669 ****************************************************************************/
671 static ssize_t process_complete_pdu(pipes_struct *p)
674 size_t data_len = p->in_data.pdu_received_len;
675 char *data_p = (char *)&p->in_data.current_in_pdu[0];
679 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
681 set_incoming_fault(p);
682 setup_fault_pdu(p, NT_STATUS(0x1c010002));
683 return (ssize_t)data_len;
686 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
689 * Ensure we're using the corrent endianness for both the
690 * RPC header flags and the raw data we will be reading from.
693 prs_set_endian_data( &rpc_in, p->endian);
694 prs_set_endian_data( &p->in_data.data, p->endian);
696 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
698 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
699 (unsigned int)p->hdr.pkt_type ));
701 switch (p->hdr.pkt_type) {
705 * We assume that a pipe bind is only in one pdu.
707 if(pipe_init_outgoing_data(p))
708 reply = api_pipe_bind_req(p, &rpc_in);
712 * We assume that a pipe bind_resp is only in one pdu.
714 if(pipe_init_outgoing_data(p))
715 reply = api_pipe_bind_auth_resp(p, &rpc_in);
718 reply = process_request_pdu(p, &rpc_in);
721 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
725 /* Reset to little endian. Probably don't need this but it won't hurt. */
726 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
729 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
730 set_incoming_fault(p);
731 setup_fault_pdu(p, NT_STATUS(0x1c010002));
732 prs_mem_free(&rpc_in);
735 * Reset the lengths. We're ready for a new pdu.
737 p->in_data.pdu_needed_len = 0;
738 p->in_data.pdu_received_len = 0;
741 prs_mem_free(&rpc_in);
742 return (ssize_t)data_len;
745 /****************************************************************************
746 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
747 ****************************************************************************/
749 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
751 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
753 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
754 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
757 if(data_to_copy == 0) {
759 * This is an error - data is being received and there is no
760 * space in the PDU. Free the received data and go into the fault state.
762 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
763 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
764 set_incoming_fault(p);
769 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
770 * number of bytes before we can do anything.
773 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
775 * Always return here. If we have more data then the RPC_HEADER
776 * will be processed the next time around the loop.
778 return fill_rpc_header(p, data, data_to_copy);
782 * At this point we know we have at least an RPC_HEADER_LEN amount of data
783 * stored in current_in_pdu.
787 * If pdu_needed_len is zero this is a new pdu.
788 * Unmarshall the header so we know how much more
789 * data we need, then loop again.
792 if(p->in_data.pdu_needed_len == 0)
793 return unmarshall_rpc_header(p);
796 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
797 * Keep reading until we have a full pdu.
800 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
803 * Copy as much of the data as we need into the current_in_pdu buffer.
806 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
807 p->in_data.pdu_received_len += data_to_copy;
810 * Do we have a complete PDU ?
813 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
814 return process_complete_pdu(p);
816 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
817 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
819 return (ssize_t)data_to_copy;
823 /****************************************************************************
824 Accepts incoming data on an rpc pipe.
825 ****************************************************************************/
827 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
829 DEBUG(6,("write_to_pipe: %x", p->pnum));
831 DEBUG(6,(" name: %s open: %s len: %d\n",
832 p->name, BOOLSTR(p->open), (int)n));
834 dump_data(50, data, n);
836 return p->namedpipe_write(p->np_state, data, n);
839 /****************************************************************************
840 Accepts incoming data on an internal rpc pipe.
841 ****************************************************************************/
843 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
845 pipes_struct *p = (pipes_struct*)np_conn;
846 size_t data_left = n;
851 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
853 data_used = process_incoming_data(p, data, data_left);
855 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
860 data_left -= data_used;
867 /****************************************************************************
868 Replies to a request to read data from a pipe.
870 Headers are interspersed with the data at PDU intervals. By the time
871 this function is called, the start of the data could possibly have been
872 read by an SMBtrans (file_offset != 0).
874 Calling create_rpc_reply() here is a hack. The data should already
875 have been prepared into arrays of headers + data stream sections.
876 ****************************************************************************/
878 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
879 BOOL *is_data_outstanding)
881 if (!p || !p->open) {
882 DEBUG(0,("read_from_pipe: pipe not open\n"));
886 DEBUG(6,("read_from_pipe: %x", p->pnum));
888 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
891 /****************************************************************************
892 Replies to a request to read data from a pipe.
894 Headers are interspersed with the data at PDU intervals. By the time
895 this function is called, the start of the data could possibly have been
896 read by an SMBtrans (file_offset != 0).
898 Calling create_rpc_reply() here is a hack. The data should already
899 have been prepared into arrays of headers + data stream sections.
900 ****************************************************************************/
902 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
903 BOOL *is_data_outstanding)
905 pipes_struct *p = (pipes_struct*)np_conn;
906 uint32 pdu_remaining = 0;
907 ssize_t data_returned = 0;
910 DEBUG(0,("read_from_pipe: pipe not open\n"));
914 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
917 * We cannot return more than one PDU length per
922 * This condition should result in the connection being closed.
923 * Netapp filers seem to set it to 0xffff which results in domain
924 * authentications failing. Just ignore it so things work.
927 if(n > MAX_PDU_FRAG_LEN) {
928 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
929 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
933 * Determine if there is still data to send in the
934 * pipe PDU buffer. Always send this first. Never
935 * send more than is left in the current PDU. The
936 * client should send a new read request for a new
940 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
941 data_returned = (ssize_t)MIN(n, pdu_remaining);
943 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
944 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
945 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
947 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
948 p->out_data.current_pdu_sent += (uint32)data_returned;
953 * At this point p->current_pdu_len == p->current_pdu_sent (which
954 * may of course be zero if this is the first return fragment.
957 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
958 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
959 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
961 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
963 * We have sent all possible data, return 0.
970 * We need to create a new PDU from the data left in p->rdata.
971 * Create the header/data/footers. This also sets up the fields
972 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
973 * and stores the outgoing PDU in p->current_pdu.
976 if(!create_next_pdu(p)) {
977 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
981 data_returned = MIN(n, p->out_data.current_pdu_len);
983 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
984 p->out_data.current_pdu_sent += (uint32)data_returned;
988 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
989 return data_returned;
992 /****************************************************************************
993 Wait device state on a pipe. Exactly what this is for is unknown...
994 ****************************************************************************/
996 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
1002 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
1003 priority, p->name));
1005 p->priority = priority;
1010 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
1011 priority, p->name));
1016 /****************************************************************************
1017 Set device state on a pipe. Exactly what this is for is unknown...
1018 ****************************************************************************/
1020 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1026 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1027 device_state, p->name));
1029 p->device_state = device_state;
1034 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1035 device_state, p->name));
1040 /****************************************************************************
1042 ****************************************************************************/
1044 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1047 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1051 p->namedpipe_close(p->np_state);
1053 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1057 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1058 p->name, p->pnum, pipes_open));
1060 DLIST_REMOVE(Pipes, p);
1069 /****************************************************************************
1071 ****************************************************************************/
1073 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1075 pipes_struct *p = (pipes_struct *)np_conn;
1077 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1081 prs_mem_free(&p->out_data.rdata);
1082 prs_mem_free(&p->in_data.data);
1085 talloc_destroy(p->mem_ctx);
1087 /* Free the handles database. */
1088 close_policy_by_pipe(p);
1090 delete_nt_token(&p->pipe_user.nt_user_token);
1091 SAFE_FREE(p->pipe_user.groups);
1093 DLIST_REMOVE(InternalPipes, p);
1095 p->conn->num_files_open--;
1104 /****************************************************************************
1105 Find an rpc pipe given a pipe handle in a buffer and an offset.
1106 ****************************************************************************/
1108 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1110 int pnum = SVAL(buf,where);
1115 return get_rpc_pipe(pnum);
1118 /****************************************************************************
1119 Find an rpc pipe given a pipe handle.
1120 ****************************************************************************/
1122 smb_np_struct *get_rpc_pipe(int pnum)
1126 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1128 for (p=Pipes;p;p=p->next)
1129 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1130 p->name, p->pnum, pipes_open));
1132 for (p=Pipes;p;p=p->next) {
1133 if (p->pnum == pnum) {