search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / samba / source / rpc_server / srv_pipe_hnd.c
blobeef5e46a773c4313a59c6079eda7ce23d40945db
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Jeremy Allison 1999.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24
25 #include "includes.h"
26
27
28 #define PIPE "\\PIPE\\"
29 #define PIPELEN strlen(PIPE)
30
31 extern int DEBUGLEVEL;
32 static pipes_struct *chain_p;
33 static int pipes_open;
34
35 #ifndef MAX_OPEN_PIPES
36 #define MAX_OPEN_PIPES 64
37 #endif
38
39 static pipes_struct *Pipes;
40 static struct bitmap *bmap;
41
42 /* this must be larger than the sum of the open files and directories */
43 static int pipe_handle_offset;
44
45 /****************************************************************************
46 Set the pipe_handle_offset. Called from smbd/files.c
47 ****************************************************************************/
48
49 void set_pipe_handle_offset(int max_open_files)
50 {
51 if(max_open_files < 0x7000)
52 pipe_handle_offset = 0x7000;
53 else
54 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
55 }
56
57 /****************************************************************************
58 Reset pipe chain handle number.
59 ****************************************************************************/
60 void reset_chain_p(void)
61 {
62 chain_p = NULL;
63 }
64
65 /****************************************************************************
66 Initialise pipe handle states.
67 ****************************************************************************/
68
69 void init_rpc_pipe_hnd(void)
70 {
71 bmap = bitmap_allocate(MAX_OPEN_PIPES);
72 if (!bmap)
73 exit_server("out of memory in init_rpc_pipe_hnd\n");
74 }
75
76 /****************************************************************************
77 Initialise an outgoing packet.
78 ****************************************************************************/
79
80 static BOOL pipe_init_outgoing_data(output_data *o_data)
81 {
82 /* Reset the offset counters. */
83 o_data->data_sent_length = 0;
84 o_data->current_pdu_len = 0;
85 o_data->current_pdu_sent = 0;
86
87 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
88
89 /* Free any memory in the current return data buffer. */
90 prs_mem_free(&o_data->rdata);
91
92 /*
93 * Initialize the outgoing RPC data buffer.
94 * we will use this as the raw data area for replying to rpc requests.
95 */
96 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
97 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
98 return False;
99 }
100
101 return True;
102 }
103
104 /****************************************************************************
105 Find first available pipe slot.
106 ****************************************************************************/
107
108 pipes_struct *open_rpc_pipe_p(char *pipe_name,
109 connection_struct *conn, uint16 vuid)
110 {
111 int i;
112 pipes_struct *p;
113 static int next_pipe;
114
115 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
116 pipe_name, pipes_open));
117
118 /* not repeating pipe numbers makes it easier to track things in
119 log files and prevents client bugs where pipe numbers are reused
120 over connection restarts */
121 if (next_pipe == 0)
122 next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
123
124 i = bitmap_find(bmap, next_pipe);
125
126 if (i == -1) {
127 DEBUG(0,("ERROR! Out of pipe structures\n"));
128 return NULL;
129 }
130
131 next_pipe = (i+1) % MAX_OPEN_PIPES;
132
133 for (p = Pipes; p; p = p->next)
134 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
135
136 p = (pipes_struct *)malloc(sizeof(*p));
137
138 if (!p)
139 return NULL;
140
141 ZERO_STRUCTP(p);
142
143 DLIST_ADD(Pipes, p);
144
145 /*
146 * Initialize the incoming RPC data buffer with one PDU worth of memory.
147 * We cheat here and say we're marshalling, as we intend to add incoming
148 * data directly into the prs_struct and we want it to auto grow. We will
149 * change the type to UNMARSALLING before processing the stream.
150 */
151
152 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
153 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
154 return NULL;
155 }
156
157 bitmap_set(bmap, i);
158 i += pipe_handle_offset;
159
160 pipes_open++;
161
162 p->pnum = i;
163
164 p->open = True;
165 p->device_state = 0;
166 p->priority = 0;
167 p->conn = conn;
168 p->vuid = vuid;
169
170 p->max_trans_reply = 0;
171
172 p->ntlmssp_chal_flags = 0;
173 p->ntlmssp_auth_validated = False;
174 p->ntlmssp_auth_requested = False;
175
176 p->pipe_bound = False;
177 p->fault_state = False;
178
179 /*
180 * Initialize the incoming RPC struct.
181 */
182
183 p->in_data.pdu_needed_len = 0;
184 p->in_data.pdu_received_len = 0;
185
186 /*
187 * Initialize the outgoing RPC struct.
188 */
189
190 p->out_data.current_pdu_len = 0;
191 p->out_data.current_pdu_sent = 0;
192 p->out_data.data_sent_length = 0;
193
194 /*
195 * Initialize the outgoing RPC data buffer with no memory.
196 */
197 prs_init(&p->out_data.rdata, 0, 4, MARSHALL);
198
199 p->uid = (uid_t)-1;
200 p->gid = (gid_t)-1;
201
202 fstrcpy(p->name, pipe_name);
203
204 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
205 pipe_name, i, pipes_open));
206
207 chain_p = p;
208
209 /* OVERWRITE p as a temp variable, to display all open pipes */
210 for (p = Pipes; p; p = p->next)
211 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
212
213 return chain_p;
214 }
215
216 /****************************************************************************
217 Sets the fault state on incoming packets.
218 ****************************************************************************/
219
220 static void set_incoming_fault(pipes_struct *p)
221 {
222 prs_mem_free(&p->in_data.data);
223 p->in_data.pdu_needed_len = 0;
224 p->in_data.pdu_received_len = 0;
225 p->fault_state = True;
226 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
227 p->name, p->pnum ));
228 }
229
230 /****************************************************************************
231 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
232 ****************************************************************************/
233
234 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
235 {
236 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
237
238 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
239 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
240 (unsigned int)p->in_data.pdu_received_len ));
241
242 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
243 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
244
245 return (ssize_t)len_needed_to_complete_hdr;
246 }
247
248 /****************************************************************************
249 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
250 ****************************************************************************/
251
252 static ssize_t unmarshall_rpc_header(pipes_struct *p)
253 {
254 /*
255 * Unmarshall the header to determine the needed length.
256 */
257
258 prs_struct rpc_in;
259
260 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
261 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
262 set_incoming_fault(p);
263 return -1;
264 }
265
266 prs_init( &rpc_in, 0, 4, UNMARSHALL);
267 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
268 p->in_data.pdu_received_len, False);
269
270 /*
271 * Unmarshall the header as this will tell us how much
272 * data we need to read to get the complete pdu.
273 */
274
275 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
276 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
277 set_incoming_fault(p);
278 return -1;
279 }
280
281 /*
282 * Validate the RPC header.
283 */
284
285 if(p->hdr.major != 5 && p->hdr.minor != 0) {
286 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
287 set_incoming_fault(p);
288 return -1;
289 }
290
291 /*
292 * If there is no data in the incoming buffer and it's a requst pdu then
293 * ensure that the FIRST flag is set. If not then we have
294 * a stream missmatch.
295 */
296
297 if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) {
298 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
299 set_incoming_fault(p);
300 return -1;
301 }
302
303 /*
304 * Ensure that the pdu length is sane.
305 */
306
307 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
308 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
309 set_incoming_fault(p);
310 return -1;
311 }
312
313 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
314 (unsigned int)p->hdr.flags ));
315
316 /*
317 * Adjust for the header we just ate.
318 */
319 p->in_data.pdu_received_len = 0;
320 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
321
322 /*
323 * Null the data we just ate.
324 */
325
326 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
327
328 return 0; /* No extra data processed. */
329 }
330
331 /****************************************************************************
332 Processes a request pdu. This will do auth processing if needed, and
333 appends the data into the complete stream if the LAST flag is not set.
334 ****************************************************************************/
335
336 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
337 {
338 BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN);
339 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
340 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
341
342 if(!p->pipe_bound) {
343 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
344 set_incoming_fault(p);
345 return False;
346 }
347
348 /*
349 * Check if we need to do authentication processing.
350 * This is only done on requests, not binds.
351 */
352
353 /*
354 * Read the RPC request header.
355 */
356
357 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
358 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
359 set_incoming_fault(p);
360 return False;
361 }
362
363 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
364 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
365 set_incoming_fault(p);
366 return False;
367 }
368
369 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
370
371 /*
372 * Authentication _was_ requested and it already failed.
373 */
374
375 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
376 authentication failed. Denying the request.\n", p->name));
377 set_incoming_fault(p);
378 return False;
379 }
380
381 /*
382 * Check the data length doesn't go over the 1Mb limit.
383 */
384
385 if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) {
386 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
387 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
388 set_incoming_fault(p);
389 return False;
390 }
391
392 /*
393 * Append the data portion into the buffer and return.
394 */
395
396 {
397 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
398
399 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
400 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
401 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
402 set_incoming_fault(p);
403 return False;
404 }
405
406 }
407
408 if(p->hdr.flags & RPC_FLG_LAST) {
409 BOOL ret = False;
410 /*
411 * Ok - we finally have a complete RPC stream.
412 * Call the rpc command to process it.
413 */
414
415 /*
416 * Set the parse offset to the start of the data and set the
417 * prs_struct to UNMARSHALL.
418 */
419
420 prs_set_offset(&p->in_data.data, 0);
421 prs_switch_type(&p->in_data.data, UNMARSHALL);
422
423 /*
424 * Process the complete data stream here.
425 */
426
427 if(pipe_init_outgoing_data(&p->out_data))
428 ret = api_pipe_request(p);
429
430 /*
431 * We have consumed the whole data stream. Set back to
432 * marshalling and set the offset back to the start of
433 * the buffer to re-use it (we could also do a prs_mem_free()
434 * and then re_init on the next start of PDU. Not sure which
435 * is best here.... JRA.
436 */
437
438 prs_switch_type(&p->in_data.data, MARSHALL);
439 prs_set_offset(&p->in_data.data, 0);
440 return ret;
441 }
442
443 return True;
444 }
445
446 /****************************************************************************
447 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
448 already been parsed and stored in p->hdr.
449 ****************************************************************************/
450
451 static ssize_t process_complete_pdu(pipes_struct *p)
452 {
453 prs_struct rpc_in;
454 size_t data_len = p->in_data.pdu_received_len;
455 char *data_p = (char *)&p->in_data.current_in_pdu[0];
456 BOOL reply = False;
457
458 if(p->fault_state) {
459 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
460 p->name ));
461 set_incoming_fault(p);
462 setup_fault_pdu(p);
463 return (ssize_t)data_len;
464 }
465
466 prs_init( &rpc_in, 0, 4, UNMARSHALL);
467 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
468
469 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
470 (unsigned int)p->hdr.pkt_type ));
471
472 switch (p->hdr.pkt_type) {
473 case RPC_BIND:
474 case RPC_ALTCONT:
475 /*
476 * We assume that a pipe bind is only in one pdu.
477 */
478 if(pipe_init_outgoing_data(&p->out_data))
479 reply = api_pipe_bind_req(p, &rpc_in);
480 break;
481 case RPC_BINDRESP:
482 /*
483 * We assume that a pipe bind_resp is only in one pdu.
484 */
485 if(pipe_init_outgoing_data(&p->out_data))
486 reply = api_pipe_bind_auth_resp(p, &rpc_in);
487 break;
488 case RPC_REQUEST:
489 reply = process_request_pdu(p, &rpc_in);
490 break;
491 default:
492 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
493 break;
494 }
495
496 if (!reply) {
497 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
498 set_incoming_fault(p);
499 setup_fault_pdu(p);
500 } else {
501 /*
502 * Reset the lengths. We're ready for a new pdu.
503 */
504 p->in_data.pdu_needed_len = 0;
505 p->in_data.pdu_received_len = 0;
506 }
507
508 return (ssize_t)data_len;
509 }
510
511 /****************************************************************************
512 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
513 ****************************************************************************/
514
515 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
516 {
517 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
518
519 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
520 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
521 (unsigned int)n ));
522
523 if(data_to_copy == 0) {
524 /*
525 * This is an error - data is being received and there is no
526 * space in the PDU. Free the received data and go into the fault state.
527 */
528 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
529 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
530 set_incoming_fault(p);
531 return -1;
532 }
533
534 /*
535 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
536 * number of bytes before we can do anything.
537 */
538
539 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
540 /*
541 * Always return here. If we have more data then the RPC_HEADER
542 * will be processed the next time around the loop.
543 */
544 return fill_rpc_header(p, data, data_to_copy);
545 }
546
547 /*
548 * At this point we know we have at least an RPC_HEADER_LEN amount of data
549 * stored in current_in_pdu.
550 */
551
552 /*
553 * If pdu_needed_len is zero this is a new pdu.
554 * Unmarshall the header so we know how much more
555 * data we need, then loop again.
556 */
557
558 if(p->in_data.pdu_needed_len == 0)
559 return unmarshall_rpc_header(p);
560
561 /*
562 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
563 * Keep reading until we have a full pdu.
564 */
565
566 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
567
568 /*
569 * Copy as much of the data as we need into the current_in_pdu buffer.
570 */
571
572 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
573 p->in_data.pdu_received_len += data_to_copy;
574
575 /*
576 * Do we have a complete PDU ?
577 */
578
579 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
580 return process_complete_pdu(p);
581
582 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
583 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
584
585 return (ssize_t)data_to_copy;
586
587 }
588
589 /****************************************************************************
590 Accepts incoming data on an rpc pipe.
591 ****************************************************************************/
592
593 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
594 {
595 size_t data_left = n;
596
597 DEBUG(6,("write_to_pipe: %x", p->pnum));
598
599 DEBUG(6,(" name: %s open: %s len: %d\n",
600 p->name, BOOLSTR(p->open), (int)n));
601
602 dump_data(50, data, n);
603
604 while(data_left) {
605 ssize_t data_used;
606
607 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
608
609 data_used = process_incoming_data(p, data, data_left);
610
611 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
612
613 if(data_used < 0)
614 return -1;
615
616 data_left -= data_used;
617 data += data_used;
618 }
619
620 return n;
621 }
622
623
624 /****************************************************************************
625 Replyies to a request to read data from a pipe.
626
627 Headers are interspersed with the data at PDU intervals. By the time
628 this function is called, the start of the data could possibly have been
629 read by an SMBtrans (file_offset != 0).
630
631 Calling create_rpc_reply() here is a hack. The data should already
632 have been prepared into arrays of headers + data stream sections.
633
634 ****************************************************************************/
635
636 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
637 {
638 uint32 pdu_remaining = 0;
639 ssize_t data_returned = 0;
640
641 if (!p || !p->open) {
642 DEBUG(0,("read_from_pipe: pipe not open\n"));
643 return -1;
644 }
645
646 DEBUG(6,("read_from_pipe: %x", p->pnum));
647
648 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
649
650 /*
651 * We cannot return more than one PDU length per
652 * read request.
653 */
654
655 if(n > MAX_PDU_FRAG_LEN) {
656 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
657 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
658 return -1;
659 }
660
661 /*
662 * Determine if there is still data to send in the
663 * pipe PDU buffer. Always send this first. Never
664 * send more than is left in the current PDU. The
665 * client should send a new read request for a new
666 * PDU.
667 */
668
669 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
670 data_returned = (ssize_t)MIN(n, pdu_remaining);
671
672 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
673 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
674 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
675
676 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
677 p->out_data.current_pdu_sent += (uint32)data_returned;
678 return data_returned;
679 }
680
681 /*
682 * At this point p->current_pdu_len == p->current_pdu_sent (which
683 * may of course be zero if this is the first return fragment.
684 */
685
686 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
687 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
688 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
689
690 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
691 /*
692 * We have sent all possible data. Return 0.
693 */
694 return 0;
695 }
696
697 /*
698 * We need to create a new PDU from the data left in p->rdata.
699 * Create the header/data/footers. This also sets up the fields
700 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
701 * and stores the outgoing PDU in p->current_pdu.
702 */
703
704 if(!create_next_pdu(p)) {
705 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",
706 p->name));
707 return -1;
708 }
709
710 data_returned = MIN(n, p->out_data.current_pdu_len);
711
712 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
713 p->out_data.current_pdu_sent += (uint32)data_returned;
714 return data_returned;
715 }
716
717 /****************************************************************************
718 Wait device state on a pipe. Exactly what this is for is unknown...
719 ****************************************************************************/
720
721 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
722 {
723 if (p == NULL)
724 return False;
725
726 if (p->open) {
727 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
728 priority, p->name));
729
730 p->priority = priority;
731
732 return True;
733 }
734
735 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
736 priority, p->name));
737 return False;
738 }
739
740
741 /****************************************************************************
742 Set device state on a pipe. Exactly what this is for is unknown...
743 ****************************************************************************/
744
745 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
746 {
747 if (p == NULL)
748 return False;
749
750 if (p->open) {
751 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
752 device_state, p->name));
753
754 p->device_state = device_state;
755
756 return True;
757 }
758
759 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
760 device_state, p->name));
761 return False;
762 }
763
764
765 /****************************************************************************
766 Close an rpc pipe.
767 ****************************************************************************/
768
769 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
770 {
771 if (!p) {
772 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
773 return False;
774 }
775
776 prs_mem_free(&p->out_data.rdata);
777 prs_mem_free(&p->in_data.data);
778
779 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
780
781 pipes_open--;
782
783 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
784 p->name, p->pnum, pipes_open));
785
786 DLIST_REMOVE(Pipes, p);
787
788 ZERO_STRUCTP(p);
789
790 free(p);
791
792 return True;
793 }
794
795 /****************************************************************************
796 Find an rpc pipe given a pipe handle in a buffer and an offset.
797 ****************************************************************************/
798
799 pipes_struct *get_rpc_pipe_p(char *buf, int where)
800 {
801 int pnum = SVAL(buf,where);
802
803 if (chain_p)
804 return chain_p;
805
806 return get_rpc_pipe(pnum);
807 }
808
809 /****************************************************************************
810 Find an rpc pipe given a pipe handle.
811 ****************************************************************************/
812
813 pipes_struct *get_rpc_pipe(int pnum)
814 {
815 pipes_struct *p;
816
817 DEBUG(4,("search for pipe pnum=%x\n", pnum));
818
819 for (p=Pipes;p;p=p->next)
820 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
821 p->name, p->pnum, pipes_open));
822
823 for (p=Pipes;p;p=p->next) {
824 if (p->pnum == pnum) {
825 chain_p = p;
826 return p;
827 }
828 }
829
830 return NULL;
831 }