search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
preparing for release of 3.0-alpha13
[Samba.git] / source / rpc_server / srv_pipe_hnd.c
blobcc6415cce7c9ca0170e2155d64c0d6b425fd2171
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Jeremy Allison 1999.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #define PIPE "\\PIPE\\"
27 #define PIPELEN strlen(PIPE)
28
29 static pipes_struct *chain_p;
30 static int pipes_open;
31
32 #ifndef MAX_OPEN_PIPES
33 #define MAX_OPEN_PIPES 2048
34 #endif
35
36 static pipes_struct *Pipes;
37 static struct bitmap *bmap;
38
39 /****************************************************************************
40 Pipe iterator functions.
41 ****************************************************************************/
42
43 pipes_struct *get_first_pipe(void)
44 {
45 return Pipes;
46 }
47
48 pipes_struct *get_next_pipe(pipes_struct *p)
49 {
50 return p->next;
51 }
52
53 /* this must be larger than the sum of the open files and directories */
54 static int pipe_handle_offset;
55
56 /****************************************************************************
57 Set the pipe_handle_offset. Called from smbd/files.c
58 ****************************************************************************/
59
60 void set_pipe_handle_offset(int max_open_files)
61 {
62 if(max_open_files < 0x7000)
63 pipe_handle_offset = 0x7000;
64 else
65 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
66 }
67
68 /****************************************************************************
69 Reset pipe chain handle number.
70 ****************************************************************************/
71 void reset_chain_p(void)
72 {
73 chain_p = NULL;
74 }
75
76 /****************************************************************************
77 Initialise pipe handle states.
78 ****************************************************************************/
79
80 void init_rpc_pipe_hnd(void)
81 {
82 bmap = bitmap_allocate(MAX_OPEN_PIPES);
83 if (!bmap)
84 exit_server("out of memory in init_rpc_pipe_hnd");
85 }
86
87 /****************************************************************************
88 Initialise an outgoing packet.
89 ****************************************************************************/
90
91 static BOOL pipe_init_outgoing_data(pipes_struct *p)
92 {
93 output_data *o_data = &p->out_data;
94
95 /* Reset the offset counters. */
96 o_data->data_sent_length = 0;
97 o_data->current_pdu_len = 0;
98 o_data->current_pdu_sent = 0;
99
100 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
101
102 /* Free any memory in the current return data buffer. */
103 prs_mem_free(&o_data->rdata);
104
105 /*
106 * Initialize the outgoing RPC data buffer.
107 * we will use this as the raw data area for replying to rpc requests.
108 */
109 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
110 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
111 return False;
112 }
113
114 return True;
115 }
116
117 /****************************************************************************
118 Find first available pipe slot.
119 ****************************************************************************/
120
121 pipes_struct *open_rpc_pipe_p(char *pipe_name,
122 connection_struct *conn, uint16 vuid)
123 {
124 int i;
125 pipes_struct *p;
126 static int next_pipe;
127
128 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
129 pipe_name, pipes_open));
130
131
132 /* not repeating pipe numbers makes it easier to track things in
133 log files and prevents client bugs where pipe numbers are reused
134 over connection restarts */
135 if (next_pipe == 0)
136 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
137
138 i = bitmap_find(bmap, next_pipe);
139
140 if (i == -1) {
141 DEBUG(0,("ERROR! Out of pipe structures\n"));
142 return NULL;
143 }
144
145 next_pipe = (i+1) % MAX_OPEN_PIPES;
146
147 for (p = Pipes; p; p = p->next)
148 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
149
150 p = (pipes_struct *)malloc(sizeof(*p));
151
152 if (!p)
153 return NULL;
154
155 ZERO_STRUCTP(p);
156
157 if ((p->mem_ctx = talloc_init()) == NULL) {
158 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
159 SAFE_FREE(p);
160 return NULL;
161 }
162
163 if (!init_pipe_handle_list(p, pipe_name)) {
164 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
165 talloc_destroy(p->mem_ctx);
166 SAFE_FREE(p);
167 return NULL;
168 }
169
170
171 DLIST_ADD(Pipes, p);
172
173 /*
174 * Initialize the incoming RPC data buffer with one PDU worth of memory.
175 * We cheat here and say we're marshalling, as we intend to add incoming
176 * data directly into the prs_struct and we want it to auto grow. We will
177 * change the type to UNMARSALLING before processing the stream.
178 */
179
180 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
181 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
182 return NULL;
183 }
184
185 bitmap_set(bmap, i);
186 i += pipe_handle_offset;
187
188 pipes_open++;
189
190 p->pnum = i;
191
192 p->open = True;
193 p->device_state = 0;
194 p->priority = 0;
195 p->conn = conn;
196 p->vuid = vuid;
197
198 p->max_trans_reply = 0;
199
200 p->ntlmssp_chal_flags = 0;
201 p->ntlmssp_auth_validated = False;
202 p->ntlmssp_auth_requested = False;
203
204 p->pipe_bound = False;
205 p->fault_state = False;
206 p->endian = RPC_LITTLE_ENDIAN;
207
208 /*
209 * Initialize the incoming RPC struct.
210 */
211
212 p->in_data.pdu_needed_len = 0;
213 p->in_data.pdu_received_len = 0;
214
215 /*
216 * Initialize the outgoing RPC struct.
217 */
218
219 p->out_data.current_pdu_len = 0;
220 p->out_data.current_pdu_sent = 0;
221 p->out_data.data_sent_length = 0;
222
223 /*
224 * Initialize the outgoing RPC data buffer with no memory.
225 */
226 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
227
228 ZERO_STRUCT(p->pipe_user);
229
230 p->pipe_user.uid = (uid_t)-1;
231 p->pipe_user.gid = (gid_t)-1;
232
233 fstrcpy(p->name, pipe_name);
234
235 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
236 pipe_name, i, pipes_open));
237
238 chain_p = p;
239
240 /* OVERWRITE p as a temp variable, to display all open pipes */
241 for (p = Pipes; p; p = p->next)
242 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
243
244 return chain_p;
245 }
246
247 /****************************************************************************
248 Sets the fault state on incoming packets.
249 ****************************************************************************/
250
251 static void set_incoming_fault(pipes_struct *p)
252 {
253 prs_mem_free(&p->in_data.data);
254 p->in_data.pdu_needed_len = 0;
255 p->in_data.pdu_received_len = 0;
256 p->fault_state = True;
257 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
258 p->name, p->pnum ));
259 }
260
261 /****************************************************************************
262 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
263 ****************************************************************************/
264
265 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
266 {
267 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
268
269 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
270 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
271 (unsigned int)p->in_data.pdu_received_len ));
272
273 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
274 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
275
276 return (ssize_t)len_needed_to_complete_hdr;
277 }
278
279 /****************************************************************************
280 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
281 ****************************************************************************/
282
283 static ssize_t unmarshall_rpc_header(pipes_struct *p)
284 {
285 /*
286 * Unmarshall the header to determine the needed length.
287 */
288
289 prs_struct rpc_in;
290
291 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
292 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
293 set_incoming_fault(p);
294 return -1;
295 }
296
297 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
298 prs_set_endian_data( &rpc_in, p->endian);
299
300 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
301 p->in_data.pdu_received_len, False);
302
303 /*
304 * Unmarshall the header as this will tell us how much
305 * data we need to read to get the complete pdu.
306 * This also sets the endian flag in rpc_in.
307 */
308
309 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
310 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
311 set_incoming_fault(p);
312 prs_mem_free(&rpc_in);
313 return -1;
314 }
315
316 /*
317 * Validate the RPC header.
318 */
319
320 if(p->hdr.major != 5 && p->hdr.minor != 0) {
321 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
322 set_incoming_fault(p);
323 prs_mem_free(&rpc_in);
324 return -1;
325 }
326
327 /*
328 * If there's not data in the incoming buffer this should be the start of a new RPC.
329 */
330
331 if(prs_offset(&p->in_data.data) == 0) {
332
333 /*
334 * AS/U doesn't set FIRST flag in a BIND packet it seems.
335 */
336
337 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
338 /*
339 * Ensure that the FIRST flag is set. If not then we have
340 * a stream missmatch.
341 */
342
343 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
344 set_incoming_fault(p);
345 prs_mem_free(&rpc_in);
346 return -1;
347 }
348
349 /*
350 * If this is the first PDU then set the endianness
351 * flag in the pipe. We will need this when parsing all
352 * data in this RPC.
353 */
354
355 p->endian = rpc_in.bigendian_data;
356
357 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
358 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
359
360 } else {
361
362 /*
363 * If this is *NOT* the first PDU then check the endianness
364 * flag in the pipe is the same as that in the PDU.
365 */
366
367 if (p->endian != rpc_in.bigendian_data) {
368 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
369 set_incoming_fault(p);
370 prs_mem_free(&rpc_in);
371 return -1;
372 }
373 }
374
375 /*
376 * Ensure that the pdu length is sane.
377 */
378
379 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
380 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
381 set_incoming_fault(p);
382 prs_mem_free(&rpc_in);
383 return -1;
384 }
385
386 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
387 (unsigned int)p->hdr.flags ));
388
389 /*
390 * Adjust for the header we just ate.
391 */
392 p->in_data.pdu_received_len = 0;
393 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
394
395 /*
396 * Null the data we just ate.
397 */
398
399 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
400
401 prs_mem_free(&rpc_in);
402
403 return 0; /* No extra data processed. */
404 }
405
406 /****************************************************************************
407 Call this to free any talloc'ed memory. Do this before and after processing
408 a complete PDU.
409 ****************************************************************************/
410
411 void free_pipe_context(pipes_struct *p)
412 {
413 if (p->mem_ctx) {
414 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
415 talloc_destroy_pool(p->mem_ctx);
416 } else {
417 p->mem_ctx = talloc_init();
418 if (p->mem_ctx == NULL)
419 p->fault_state = True;
420 }
421 }
422
423 /****************************************************************************
424 Processes a request pdu. This will do auth processing if needed, and
425 appends the data into the complete stream if the LAST flag is not set.
426 ****************************************************************************/
427
428 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
429 {
430 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
431 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
432 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
433
434 if(!p->pipe_bound) {
435 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
436 set_incoming_fault(p);
437 return False;
438 }
439
440 /*
441 * Check if we need to do authentication processing.
442 * This is only done on requests, not binds.
443 */
444
445 /*
446 * Read the RPC request header.
447 */
448
449 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
450 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
451 set_incoming_fault(p);
452 return False;
453 }
454
455 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
456 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
457 set_incoming_fault(p);
458 return False;
459 }
460
461 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
462
463 /*
464 * Authentication _was_ requested and it already failed.
465 */
466
467 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
468 authentication failed. Denying the request.\n", p->name));
469 set_incoming_fault(p);
470 return False;
471 }
472
473 /*
474 * Check the data length doesn't go over the 10Mb limit.
475 */
476
477 if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
478 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
479 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
480 set_incoming_fault(p);
481 return False;
482 }
483
484 /*
485 * Append the data portion into the buffer and return.
486 */
487
488 {
489 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
490
491 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
492 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
493 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
494 set_incoming_fault(p);
495 return False;
496 }
497
498 }
499
500 if(p->hdr.flags & RPC_FLG_LAST) {
501 BOOL ret = False;
502 /*
503 * Ok - we finally have a complete RPC stream.
504 * Call the rpc command to process it.
505 */
506
507 /*
508 * Ensure the internal prs buffer size is *exactly* the same
509 * size as the current offset.
510 */
511
512 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
513 {
514 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
515 set_incoming_fault(p);
516 return False;
517 }
518
519 /*
520 * Set the parse offset to the start of the data and set the
521 * prs_struct to UNMARSHALL.
522 */
523
524 prs_set_offset(&p->in_data.data, 0);
525 prs_switch_type(&p->in_data.data, UNMARSHALL);
526
527 /*
528 * Process the complete data stream here.
529 */
530
531 free_pipe_context(p);
532
533 if(pipe_init_outgoing_data(p))
534 ret = api_pipe_request(p);
535
536 free_pipe_context(p);
537
538 /*
539 * We have consumed the whole data stream. Set back to
540 * marshalling and set the offset back to the start of
541 * the buffer to re-use it (we could also do a prs_mem_free()
542 * and then re_init on the next start of PDU. Not sure which
543 * is best here.... JRA.
544 */
545
546 prs_switch_type(&p->in_data.data, MARSHALL);
547 prs_set_offset(&p->in_data.data, 0);
548 return ret;
549 }
550
551 return True;
552 }
553
554 /****************************************************************************
555 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
556 already been parsed and stored in p->hdr.
557 ****************************************************************************/
558
559 static ssize_t process_complete_pdu(pipes_struct *p)
560 {
561 prs_struct rpc_in;
562 size_t data_len = p->in_data.pdu_received_len;
563 char *data_p = (char *)&p->in_data.current_in_pdu[0];
564 BOOL reply = False;
565
566 if(p->fault_state) {
567 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
568 p->name ));
569 set_incoming_fault(p);
570 setup_fault_pdu(p, NT_STATUS(0x1c010002));
571 return (ssize_t)data_len;
572 }
573
574 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
575
576 /*
577 * Ensure we're using the corrent endianness for both the
578 * RPC header flags and the raw data we will be reading from.
579 */
580
581 prs_set_endian_data( &rpc_in, p->endian);
582 prs_set_endian_data( &p->in_data.data, p->endian);
583
584 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
585
586 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
587 (unsigned int)p->hdr.pkt_type ));
588
589 switch (p->hdr.pkt_type) {
590 case RPC_BIND:
591 case RPC_ALTCONT:
592 /*
593 * We assume that a pipe bind is only in one pdu.
594 */
595 if(pipe_init_outgoing_data(p))
596 reply = api_pipe_bind_req(p, &rpc_in);
597 break;
598 case RPC_BINDRESP:
599 /*
600 * We assume that a pipe bind_resp is only in one pdu.
601 */
602 if(pipe_init_outgoing_data(p))
603 reply = api_pipe_bind_auth_resp(p, &rpc_in);
604 break;
605 case RPC_REQUEST:
606 reply = process_request_pdu(p, &rpc_in);
607 break;
608 default:
609 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
610 break;
611 }
612
613 /* Reset to little endian. Probably don't need this but it won't hurt. */
614 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
615
616 if (!reply) {
617 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
618 set_incoming_fault(p);
619 setup_fault_pdu(p, NT_STATUS(0x1c010002));
620 prs_mem_free(&rpc_in);
621 } else {
622 /*
623 * Reset the lengths. We're ready for a new pdu.
624 */
625 p->in_data.pdu_needed_len = 0;
626 p->in_data.pdu_received_len = 0;
627 }
628
629 prs_mem_free(&rpc_in);
630 return (ssize_t)data_len;
631 }
632
633 /****************************************************************************
634 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
635 ****************************************************************************/
636
637 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
638 {
639 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
640
641 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
642 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
643 (unsigned int)n ));
644
645 if(data_to_copy == 0) {
646 /*
647 * This is an error - data is being received and there is no
648 * space in the PDU. Free the received data and go into the fault state.
649 */
650 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
651 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
652 set_incoming_fault(p);
653 return -1;
654 }
655
656 /*
657 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
658 * number of bytes before we can do anything.
659 */
660
661 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
662 /*
663 * Always return here. If we have more data then the RPC_HEADER
664 * will be processed the next time around the loop.
665 */
666 return fill_rpc_header(p, data, data_to_copy);
667 }
668
669 /*
670 * At this point we know we have at least an RPC_HEADER_LEN amount of data
671 * stored in current_in_pdu.
672 */
673
674 /*
675 * If pdu_needed_len is zero this is a new pdu.
676 * Unmarshall the header so we know how much more
677 * data we need, then loop again.
678 */
679
680 if(p->in_data.pdu_needed_len == 0)
681 return unmarshall_rpc_header(p);
682
683 /*
684 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
685 * Keep reading until we have a full pdu.
686 */
687
688 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
689
690 /*
691 * Copy as much of the data as we need into the current_in_pdu buffer.
692 */
693
694 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
695 p->in_data.pdu_received_len += data_to_copy;
696
697 /*
698 * Do we have a complete PDU ?
699 */
700
701 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
702 return process_complete_pdu(p);
703
704 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
705 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
706
707 return (ssize_t)data_to_copy;
708
709 }
710
711 /****************************************************************************
712 Accepts incoming data on an rpc pipe.
713 ****************************************************************************/
714
715 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
716 {
717 size_t data_left = n;
718
719 DEBUG(6,("write_to_pipe: %x", p->pnum));
720
721 DEBUG(6,(" name: %s open: %s len: %d\n",
722 p->name, BOOLSTR(p->open), (int)n));
723
724 dump_data(50, data, n);
725
726 while(data_left) {
727 ssize_t data_used;
728
729 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
730
731 data_used = process_incoming_data(p, data, data_left);
732
733 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
734
735 if(data_used < 0)
736 return -1;
737
738 data_left -= data_used;
739 data += data_used;
740 }
741
742 return n;
743 }
744
745 /****************************************************************************
746 Replies to a request to read data from a pipe.
747
748 Headers are interspersed with the data at PDU intervals. By the time
749 this function is called, the start of the data could possibly have been
750 read by an SMBtrans (file_offset != 0).
751
752 Calling create_rpc_reply() here is a hack. The data should already
753 have been prepared into arrays of headers + data stream sections.
754 ****************************************************************************/
755
756 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
757 {
758 uint32 pdu_remaining = 0;
759 ssize_t data_returned = 0;
760
761 if (!p || !p->open) {
762 DEBUG(0,("read_from_pipe: pipe not open\n"));
763 return -1;
764 }
765
766 DEBUG(6,("read_from_pipe: %x", p->pnum));
767
768 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
769
770 /*
771 * We cannot return more than one PDU length per
772 * read request.
773 */
774
775 /*
776 * This condition should result in the connection being closed.
777 * Netapp filers seem to set it to 0xffff which results in domain
778 * authentications failing. Just ignore it so things work.
779 */
780
781 if(n > MAX_PDU_FRAG_LEN) {
782 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
783 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
784 }
785
786 /*
787 * Determine if there is still data to send in the
788 * pipe PDU buffer. Always send this first. Never
789 * send more than is left in the current PDU. The
790 * client should send a new read request for a new
791 * PDU.
792 */
793
794 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
795 data_returned = (ssize_t)MIN(n, pdu_remaining);
796
797 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
798 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
799 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
800
801 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
802 p->out_data.current_pdu_sent += (uint32)data_returned;
803 goto out;
804 }
805
806 /*
807 * At this point p->current_pdu_len == p->current_pdu_sent (which
808 * may of course be zero if this is the first return fragment.
809 */
810
811 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
812 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
813 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
814
815 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
816 /*
817 * We have sent all possible data, return 0.
818 */
819 data_returned = 0;
820 goto out;
821 }
822
823 /*
824 * We need to create a new PDU from the data left in p->rdata.
825 * Create the header/data/footers. This also sets up the fields
826 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
827 * and stores the outgoing PDU in p->current_pdu.
828 */
829
830 if(!create_next_pdu(p)) {
831 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
832 return -1;
833 }
834
835 data_returned = MIN(n, p->out_data.current_pdu_len);
836
837 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
838 p->out_data.current_pdu_sent += (uint32)data_returned;
839
840 out:
841
842 return data_returned;
843 }
844
845 /****************************************************************************
846 Wait device state on a pipe. Exactly what this is for is unknown...
847 ****************************************************************************/
848
849 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
850 {
851 if (p == NULL)
852 return False;
853
854 if (p->open) {
855 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
856 priority, p->name));
857
858 p->priority = priority;
859
860 return True;
861 }
862
863 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
864 priority, p->name));
865 return False;
866 }
867
868
869 /****************************************************************************
870 Set device state on a pipe. Exactly what this is for is unknown...
871 ****************************************************************************/
872
873 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
874 {
875 if (p == NULL)
876 return False;
877
878 if (p->open) {
879 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
880 device_state, p->name));
881
882 p->device_state = device_state;
883
884 return True;
885 }
886
887 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
888 device_state, p->name));
889 return False;
890 }
891
892
893 /****************************************************************************
894 Close an rpc pipe.
895 ****************************************************************************/
896
897 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
898 {
899 if (!p) {
900 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
901 return False;
902 }
903
904 prs_mem_free(&p->out_data.rdata);
905 prs_mem_free(&p->in_data.data);
906
907 if (p->mem_ctx)
908 talloc_destroy(p->mem_ctx);
909
910 /* Free the handles database. */
911 close_policy_by_pipe(p);
912
913 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
914
915 pipes_open--;
916
917 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
918 p->name, p->pnum, pipes_open));
919
920 DLIST_REMOVE(Pipes, p);
921
922 delete_nt_token(&p->pipe_user.nt_user_token);
923 SAFE_FREE(p->pipe_user.groups);
924
925 ZERO_STRUCTP(p);
926
927 SAFE_FREE(p);
928
929 return True;
930 }
931
932 /****************************************************************************
933 Find an rpc pipe given a pipe handle in a buffer and an offset.
934 ****************************************************************************/
935
936 pipes_struct *get_rpc_pipe_p(char *buf, int where)
937 {
938 int pnum = SVAL(buf,where);
939
940 if (chain_p)
941 return chain_p;
942
943 return get_rpc_pipe(pnum);
944 }
945
946 /****************************************************************************
947 Find an rpc pipe given a pipe handle.
948 ****************************************************************************/
949
950 pipes_struct *get_rpc_pipe(int pnum)
951 {
952 pipes_struct *p;
953
954 DEBUG(4,("search for pipe pnum=%x\n", pnum));
955
956 for (p=Pipes;p;p=p->next)
957 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
958 p->name, p->pnum, pipes_open));
959
960 for (p=Pipes;p;p=p->next) {
961 if (p->pnum == pnum) {
962 chain_p = p;
963 return p;
964 }
965 }
966
967 return NULL;
968 }
Samba GIT mirror